Tuesday, 13 November 2018
There is a new email scam to watch out for. Over the last few weeks you may have received an email that tells you that your account has been hacked, that malware has been placed on your machine to capture data and that you’ve been recorded watching porn.

Then comes the Bitcoin extortion demand, in varying amounts, to prevent this webcam video from being made public on your social networks or shared with your contacts.

It is, of course, a classic sextortion scam. There is no malware and no video; they are just aiming to instill an element of fear in the hope that you'll pay anyway. The clever part here is that the hackers have used publicly available breach data to make the message look genuine by including a real-life old password from a previous data breach.

Many of these passwords appear to date from the large-scale LinkedIn breach of 2012, which goes to show that this compromised data has a long shelf life on the dark web. However, using data that's at least six years old does mean there's less chance of these details still being in use and consequently less chance of you falling for the scam.

Researchers at the Cisco Talos threat intelligence group have today released the results of their analysis of these attacks. One campaign began on August 30 and a second began on October 5; both are still active. The researchers find that more than half of the messages originate from just five countries.

Vietnam: 15.9%
Russia: 15.7%
India: 8.5%
Indonesia: 4.9%
Kazakhstan: 4.7%

Over 200,000 email messages have been sent as part of these spam campaigns. However, the number of unique recipients is fairly low: Talos has found only 15,826 distinct victim email addresses.

Talos has also identified 58,034 unique Bitcoin wallet addresses associated with these spam campaigns. Only 78 of these 58 thousand Bitcoin wallets have positive balances, which add up to a combined value of $143,429.38. This proves that at least some people are paying up.

Some variants of the messages have used phone numbers rather than passwords to try to convince you that this is a legitimate hack. Other variations include threatening to disclose supposed evidence of cheating on a partner, or offering to sell evidence of a partner cheating on you. This is not a legitimate threat and you should not attempt to make any payment.
An example of the sextortion scam email

You can read more about these scams and how they work on the Talos blog.

If you are using an old password, you are advised to check it with Troy Hunt's password tool, Have I Been Pwned.
Tuesday, 30 October 2018
Owning a domain name is not just a matter of finding the right domain and ensuring it is renewed each year. It is a long-term commitment to protecting it from expiration and common poor practices like unauthorized transfers and hijacking. This post will go over some tips for keeping your domain safe and ensuring you are following all the requirements set by ICANN. It is also worth checking out the good practices for managing domain registrations and keeping them safe from harm as recommended by ICANN.

Keep domain contact information up-to-date and accurate

When registering a domain name the registrant is required to provide contact details to the registrar.
This information is then published in the WHOIS database, allowing registrants to be contacted for domain-associated technical or operational matters, or security concerns etc.

No matter if the registrant has their contact information displayed or hidden in Whois (due to active Whois privacy protection or for GDPR reasons), registrants should make sure that the information is accurate and up-to-date at all times.

Otherwise, registrants will not be able to get important notifications about their domain names regarding expiration, transfer or Whois contact update verification.

Also, if a domain has been compromised, the registrant would not be contacted by security researchers.

Potential business partners who want to establish a contact with the registrant, if a company, will not be able to get in touch with the registrant either.

According to the Whois Data Reminder policy of ICANN, accredited registrars are required to send annual email reminders to registrants regarding the accuracy of their contact information.

This email requires that registrants review their contact information and make corrections if necessary.

Ignoring this email may lead to really unpleasant consequences for the registrant including:
  • letting their domain expire, which may result in them having to spend lots of time, effort and expense to recover it, or in it not being recoverable at all;
  • missing notifications about unauthorized changes to a domain name registration and allowing bad actors to gain access to an account and hijack a domain name.

If a registrant’s contact information is not kept up-to-date or if the registrant does not respond to domain accuracy inquiries by their registrar, the given domain could be suspended or even cancelled as per ICANN’s Whois Accuracy Policy.

To prevent this from happening, a registrant should update their contact information promptly in the event of a change to the name, postal address, email, phone number, etc.

Each domain TLD has its own transfer rules

Each domain registrant has the right to transfer a domain name to another registrar or registrant, as outlined in the ICANN’s Transfer Policy.

To do that, they should keep in mind a few important ICANN rules, as follows:
  • A domain name cannot be transferred to a new registrar/registrant within 60 days of a change to the registrant or administrative contact information. This is why a registrant may consider completing the transfer process prior to making a change;
  • Usually, a domain name may not be transferred within the first 60 days of the initial registration of a domain name, or within 60 days of a transfer;
  • A domain transfer can only be initiated by the registered name holder or the administrative contact for the domain name. This aims to prevent unauthorized transfers of a registrant’s domain name. 

This is also the reason it’s important to keep domain contact information up-to-date.

Best practices for resolving a domain transfer issue

If a domain registrant experiences problems making a transfer, they could consider the following tips and suggestions on what might be the reason for the issue and how to resolve it.
1. There are a few instances when a registrar cannot transfer a domain name, such as:

  • The domain name is subject to a 60-day change-of-registrant lock, as explained earlier;
  • The transfer request has been initiated within 60 days of the initial registration or a previous transfer;
  • The domain is locked with the current registrar and in ‘Registrar Lock’ or ‘Client Transfer Prohibited’ status;
  • The domain is the subject of an ongoing Uniform Domain Name Dispute Resolution Policy (UDRP), Transfer Dispute Resolution Policy (TDRP) or Uniform Rapid Suspension (URS) proceeding;
  • The domain is subject to a court order.

2. Depending on the registration agreement a registrant has signed with their registrar, the latter may deny a transfer due to the following reasons:

  • evidence of fraud report;
  • the person who initiates the transfer is not actually listed as the registrant of record;
  • the registrant has an outstanding payment for a previous registration period.

While ICANN regulates domain transfers via their policies, it is not a registrar and does not engage in the transfer process itself.

For that reason, when having issues transferring a domain name the registrant should always contact their registrar for assistance.

If the issue persists, then the registrant can submit a formal Transfer Complaint with ICANN.

How to protect a domain name from cyber crime

Whether used for business or personal purposes, a domain name is a valuable asset, which should be managed with utmost care.

Here are some practices to help registrants prevent their domains from being hijacked or transferred against their will, as per ICANN’s recommendations:

1. Use an email address not associated with the domain name itself

When providing an email address for the Whois record at signup the registrant should use an email address that is not associated with the domain name they register.

For instance, if their domain name is example.com, it is best to use an address that is not user@example.com.

By maintaining a different email address for the Whois record the registrant will be able to prove ownership in any eventual cases of hijackers having gained control of their domain name.

They will be able to provide that email address as evidence to the registrar that they are the registered holder of the domain name in question before it was altered by unauthorized access to their account.

2. Create a strong password and enable 2FA

Domain owners bear full responsibility for the security of their domain name.
They should create a secure password for their domain name account and use it for that account exclusively.

At Thexyz you can enable two-factor authentication or YubiKey authentication to further secure an account.

Also, they should not share the login details with anyone, including their web designer.

3. Keep a domain name with a transfer lock on

Putting a transfer lock on a domain name is another safety measure a registrant can take against unauthorized transfers or hijacking.

Each registrar has adopted its own way of implementing the transfer lock option.

For instance, our customers can lock/unlock their domains themselves with a click from the Account Portal, while some registrars will do that for the registrant per request.
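Practices 1 and 3 above, together with the expiration risk discussed earlier, can be checked automatically from a domain's registration record. The sketch below is an added example, not code from Thexyz or ICANN. It assumes the record is read as RDAP JSON (the structured successor to Whois), where the 'Client Transfer Prohibited' status appears as "client transfer prohibited"; the sample record, the function names and the 30-day warning window are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed RDAP domain record (all values are made up for this example).
SAMPLE_RDAP = {
    "ldhName": "example.com",
    "status": ["client delete prohibited"],
    "events": [
        {"eventAction": "registration", "eventDate": "2012-03-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2018-12-01T00:00:00Z"},
    ],
    "entities": [{
        "roles": ["registrant"],
        "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"],
            ["fn", {}, "text", "Domain Admin"],
            ["email", {}, "text", "hostmaster@example.com"],
        ]],
    }],
}

def registrant_emails(record):
    """Collect email values from the jCard of every registrant entity.
    Registries often redact these; an empty list then means 'not visible'."""
    emails = []
    for entity in record.get("entities", []):
        if "registrant" not in entity.get("roles", []):
            continue
        vcard = entity.get("vcardArray", [None, []])
        for prop in vcard[1]:
            if prop[0] == "email":
                emails.append(prop[3].lower())
    return emails

def audit_domain(record, now, warn_days=30):
    """Return a list of findings for one RDAP domain record."""
    domain = record["ldhName"].lower()
    findings = []
    # Practice 3: the transfer lock shows up as a status value.
    statuses = {s.lower() for s in record.get("status", [])}
    if "client transfer prohibited" not in statuses:
        findings.append("no transfer lock")
    # Expiration: warn while there is still time to renew.
    expiry = None
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            expiry = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    if expiry is None:
        findings.append("no expiration date published")
    elif (expiry - now).days < warn_days:
        findings.append("expires within %d days" % warn_days)
    # Practice 1: the contact address should not live on the domain itself.
    for email in registrant_emails(record):
        host = email.rsplit("@", 1)[-1]
        if host == domain or host.endswith("." + domain):
            findings.append("registrant email is on the domain itself")
    return findings

if __name__ == "__main__":
    print(audit_domain(SAMPLE_RDAP, datetime(2018, 11, 13, tzinfo=timezone.utc)))
```

Run against the constructed record, the audit reports all three problems; a record with the lock set, a distant expiry date and an off-domain contact address returns an empty list.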

4. Beware of incorrect registrant information (for organizations)

As per ICANN’s rules, if a legal entity is listed in the Registrant Organization field of the Whois record then that legal entity is considered the registrant of the domain name.

However, it’s common practice for organizations to have an employee register their domain name and not get the corresponding fields filled in correctly.

The employee may leave the Registrant Organization blank and would include their own name in the registrant name field which automatically turns them into the actual owner of the company’s domain.

This would allow a disgruntled employee to claim rights to the domain and attempt to transfer it away to claim ownership.

This is why organizations should make sure that their legal name is listed in the Registrant Organization field, and that a role-/department-based name is listed in the Registrant Name field.

5. Be careful about domain management roles (for organizations)

Organizations should not list website designers or any other third parties as the registrant(s) of their domain name.

If an organization decides to outsource the management of its domains to a third party it should still be listed as the registrant of the domain.

Otherwise, the third party may decide to transfer the domains away to a different registrar and deprive the organization, its customers, and business partners of use of the domain(s).

If a third party is listed as the domain’s administrative, technical or billing contact for the domain, the organization should take measures to establish a contractual relationship with the third party following a legal consultation.

According to ICANN, it is good practice to include provisions in the contract that concern the assignment of domain management tasks per the organization’s instructions, including transfer requests, domain renewals, name server records update, contact data or domain status update, etc.
Also, the organization should add provisions regarding the operational measures that the administrative and technical contacts should implement to protect their domain name(s) from DDoS attacks against the domain’s name servers or the unauthorized modification or addition of zone records, etc.

Those measures could include filing reports with the corresponding registrar or with law enforcement in the appropriate jurisdictions.

Finally, the agreement should also define the sanctions for situations in which the third party listed as administrative or technical contact violates their domain administration obligations.

What to do in the event of unauthorized domain transfer

If a domain has been transferred to a new registrar/registrant, the registrant should contact their registrar immediately.

If no action is taken in time, the given domain name may be transferred again and again, making it much harder to retrieve.

The registrar should act in compliance with the ICANN’s Transfer Dispute Resolution Policy, which governs the transfer of domains and is designed to protect the registrant in such situations.

If the registrar is unable or unwilling to assist, then the registrant can submit an Unauthorized Transfer Complaint with ICANN, who will review the situation and assist in recovering your domain, should there be grounds for that.

Good domain management practices allow domain owners to have their online presence uninterrupted and prevent them from losing their domain names due to expiration or hijacking.
Following good practices is essential for companies, since this could help maintain a more secure business environment as well as a safer experience for their customers.

ICANN strongly recommends that companies periodically review their domain registrations and include domain name and overall DNS management within their risk management programs.

Here is a list of all ICANN resources that can help you learn more about good domain management practices:

About the Author

I'm Perry Toone, a British Software Developer with keen expertise in spam and fraud prevention.  You'll regularly find me talking about email privacy and best practices via my podcast.
Monday, 10 September 2018

Just last week, Verisign, the global leader in domain name and Internet security services, released its latest domain name industry report, which offers an up-to-date insight into the global TLD market trends.

The report covers the second quarter of 2018 and gives valuable information about the TLD performance on the domain market.

Check out the main domain name industry highlights from the report and see which types of domains are most popular at Thexyz.

What is the Verisign domain industry report?

The latest industry report from Verisign shows that the first half of 2018 closed with about 339.8 million domain name registrations across all TLD extensions worldwide.

This figure marks a 2% increase of domain registrations compared to the first quarter of 2018, which means that approximately 6 million more domain names were registered over a period of just 3 months!

This is quite a remarkable figure, bearing in mind that the number of domain registrations in the previous quarter period grew by only 1.4 million (0.4%) as compared to the fourth quarter of 2017.
In comparison to the figures from a year ago, domain name registrations mark a 2.4% spike, which translates into an increase by almost 8 million domain names.

In their latest report, Verisign presents a breakdown of the domain registrations by TLD, which gives a good idea of the most popular TLDs on the market:

As of June 30, 2018, the most popular gTLDs on the market are .COM, .NET, .ORG and .INFO as their base (a total of 165.4 million) represents 49% of all registrations worldwide.

.COM remains the front runner with an impressive 135.8 million registrations, which have grown by 5% since June 2017.

The other three gTLDs show a drop in registrations compared to last year, with .NET reaching a 7% decrease in numbers.
The total number of country-code (ccTLD) domain name registrations amounts to 149.7 million, which represents around 44% of all TLD registrations, as of June 30 2018.

This is an increase of approximately 5.5 million domain name registrations, or 3.8 percent, compared to the second quarter of 2017.

According to Verisign’s report, the most popular ccTLD, as of June 30, 2018, is .CN with a stunning 22.7 million registrations, followed by .TK (a free ccTLD), .DE (Germany’s TLD), .UK and .RU.

The remainder of the Top 10 chart of ccTLDs is completed by the Netherlands’ .NL TLD, Brazil’s .BR TLD, the European Union’s .EU TLD, France’s .FR TLD and Italy’s .IT TLD.

The total reported amount of nTLDs at the end of the first half of 2018 was 21.8 million, a decrease of approximately 2.5 million domain name registrations, or 10.4 percent, compared to June 30, 2017.
According to the report, the most popular nTLDs are .TOP, .LOAN and .XYZ, followed by .CLUB and .ONLINE.

The report includes a chart, which shows that nTLD registrations represent 6.4% of all TLD registrations:

For more TLD stats, check out the latest issue of the Domain Name Industry Report.

What are the most popular TLDs at Thexyz?

Following up on Verisign’s report, we’ve done our own research into the TLD trends across Thexyz.

As of June 30, 2018, we’ve observed a 5% increase in the number of domain registrations compared to the volumes from a year ago.

  • gTLDs and ccTLDs have preserved steady increase rates year over year.
  • In contrast to the global nTLD trend, however, we’ve seen an increase in the number of new generic TLD registrations as well.
  • This is largely due to the increased number of nTLDs on our platform and also the various promo campaigns we’ve been running for some of the most attractive ones.
  • And of course, thanks to your continued support.
In the chart below, you can see the distribution of domain registrations in regards to TLD types as of June 30, 2018:

gTLDs still have a dominating presence in the chart and will most probably continue to do so for a long time in tune with the global trend.

It seems that regardless of the growing significance of the local factor (ccTLDs) and the increasing popularity of keyword based domains (nTLDs), .COM, .NET and .ORG will continue to be a top choice for the majority of new registrations across our platform and the market in general for years to come.

The chart below lists the most popular TLDs across our platform:

As in the Verisign report, the top 10 chart on our platform features the most popular gTLDs – .COM, .NET, .ORG and .INFO.

As for ccTLDs, the chart is a reflection of the markets where the majority of our customers operate, namely the United Kingdom, Australia, United States, Canada and New Zealand.

It’s interesting to note that .CO, albeit a ccTLD, has entered our top 10 chart thanks to its growing popularity as an alternative to .COM.

Even with all of the new domain extensions, catchy .COM alternatives and a variety of country-specific TLDs on the market today, .COM remains on top when it comes to domain industry trends.

Although .COM isn’t always the top choice for startups and small businesses today, it is still an important decision-making factor. So it will likely remain on top thanks to its universal recognition and long-standing history online.
